Security & Privacy
Your privacy and the security of your data are important to us. This page explains how Playlist Pipeline handles your information.
Data We Collect
Section titled “Data We Collect”When Using the Web App
Section titled “When Using the Web App”| Data | Purpose | Stored |
|---|---|---|
| Spotify user ID | Identify your account | Yes |
| Spotify access token | Make API calls on your behalf | Yes (encrypted) |
| Pipeline configurations | Store your pipelines | Yes |
| Pipeline run history | Show execution history | Yes |
When Using the CLI
Section titled “When Using the CLI”The CLI stores your Spotify credentials locally on your machine. No data is sent to our servers unless you’re using a feature that requires it.
Data We Don’t Collect
Section titled “Data We Don’t Collect”- Your email address (we use Spotify OAuth)
- Your listening history
- Your payment information (handled by Stripe)
- Personal information beyond what Spotify provides
- Analytics or tracking data about your usage
Data We Don’t Store
Section titled “Data We Don’t Store”- Track audio or content
- Your full playlist contents (we process but don’t permanently store)
- Personal data from your Spotify profile
Spotify Integration
Section titled “Spotify Integration”Permissions
Section titled “Permissions”Playlist Pipeline requests the following Spotify scopes:
| Scope | Purpose |
|---|---|
playlist-read-private | Read your private playlists |
playlist-read-collaborative | Read collaborative playlists |
playlist-modify-public | Create/update public playlists |
playlist-modify-private | Create/update private playlists |
user-library-read | Read your saved tracks |
Token Storage
Section titled “Token Storage”- Access tokens are encrypted at rest
- Tokens are refreshed automatically when they expire
- You can revoke access at any time via Spotify
Security Measures
Section titled “Security Measures”Infrastructure
Section titled “Infrastructure”- All traffic is encrypted with TLS
- Database is encrypted at rest
- Secrets are managed securely
Authentication
Section titled “Authentication”- OAuth 2.0 with Spotify (no passwords stored)
- Session tokens are cryptographically signed
- Sessions expire after inactivity
Self-Hosted Instances
Section titled “Self-Hosted Instances”If you self-host Playlist Pipeline:
- You control all data storage
- No data is sent to our servers
- You’re responsible for securing your instance
Data Retention
Section titled “Data Retention”| Data Type | Retention |
|---|---|
| Account data | Until you delete your account |
| Pipeline configurations | Until you delete them |
| Run history | 90 days |
| Logs | 30 days |
Your Rights
Section titled “Your Rights”You can:
- Export your data - Download your pipeline configurations
- Delete your account - Remove all your data from our servers
- Revoke access - Remove Spotify authorization at any time
Deleting Your Data
Section titled “Deleting Your Data”Web App
Section titled “Web App”- Go to Settings > Account
- Click Delete Account
- Confirm deletion
This will:
- Delete all your pipelines
- Delete your run history
- Remove your account from our database
- Note: This does not revoke Spotify access (do that separately)
Revoke Spotify Access
Section titled “Revoke Spotify Access”- Go to Spotify Account Apps
- Find “Playlist Pipeline”
- Click Remove Access
Open Source
Section titled “Open Source”Playlist Pipeline is open source. You can:
- Review the code on GitHub
- Self-host for complete data control
- Audit the security practices
Contact
Section titled “Contact”For security concerns or questions about your data:
- Email: security@playlistpipeline.com
- For vulnerabilities: Please disclose responsibly via email